From 33292eadee2046306a880f1d7430552c61740524 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Tue, 20 Jul 2021 10:31:12 -0700
Subject: [PATCH 1/7] save
---
 .../docs/commands/operator/diagnose.mdx | 144 ++++++++++++++++++
 1 file changed, 144 insertions(+)
 create mode 100644 website/content/docs/commands/operator/diagnose.mdx
diff --git a/website/content/docs/commands/operator/diagnose.mdx b/website/content/docs/commands/operator/diagnose.mdx
new file mode 100644
index 0000000000000..6ffefbb80c9d1
--- /dev/null
+++ b/website/content/docs/commands/operator/diagnose.mdx
@@ -0,0 +1,144 @@
+---
+layout: docs
+page_title: operator diagnose - Command
+description: |-
+ The "operator diagnose" command performs a set of checks using a provided
+ vault configuration file to report potential issues to the operator when vault
+ is in a bad state.
+
+---
+
+# operator diagnose
+
+The operator diagnose command should be used primarily when vault is down or
+partially inoperational. The command can be used safely regardless of the state
+vault is in, but may return meaningless results for some of the test cases.
+
+## Usage
+
+The following flags are available in addition to the [standard set of
+flags](/docs/commands) included on all commands.
+
+### Output Options
+
+- `-format` `(string: "table")` - Print the output in the given format. Valid
+ formats are "table", "json", or "yaml". This can also be specified via the
+ `VAULT_FORMAT` environment variable.
+
+#### Output Layout (default)
+
+The operator diagnose command will output a set of lines in the CLI.
+Each line will begin with a prefix in parenthesis. These are:.
+
+- `[ success ]` - Denotes that the check was successful.
+- `[ warning ]` - Denotes that the check has passed, but that there may be potential
+issues to look into that may relate to the issues vault is experiencing. Diagnose warns
+frequently. These warnings are meant to serve as starting points in the debugging process.
+- `[ failure ]` - Denotes that the check has failed. Failures are critical issues in the eyes
+of the diagnose command.
+
+In addition to these prefixed lines, there may be output lines that are not prefixed, but are
+color-coded purple. These are advice lines from Diagnose, and are meant to offer general guidance
+on how to go about fixing potential warnings or failures that may arise.
+
+### Command Options
+
+- `-config` `(string; "")` - The path to the vault configuration file used by
+the vault server on startup.
+
+### Diagnose Checks
+
+The following section details the various checks that Diagnose runs. Check names in documentation
+will be separated by slashes to denote that they are nested, when applicable. For example, a check
+documented as `A / B` will show up as `B` in the `operator diagnose` output, and will be nested
+(indented) under `A`.
+
+If you encounter an error that is not listed in the `common errors` section of a particular check,
+there is a high likelihood that either the error is thrown by a standard library and is
+documented by a third party, or that the error is thrown by the vault server itself.
+
+To account for the former case, links will be provided where possible in the checks below.
+In the latter case, the vault logs on the server itself will have further insight, as the
+error was caught by the server in addition to the diagnose command.
+
+#### Vault Diagnose
+
+blurb
+
+#### Check Operating System
+
+blurb
+
+common errors
+
+#### Check Open File Limit
+
+blurb
+
+common errors
+
+
+#### Check Disk Usage
+
+blurb
+
+common errors
+
+#### Parse Configuration
+
+blurb
+
+common errors
+
+#### Check Storage
+
+blurb
+
+common errors
+
+#### Check Storage / Create Storage Backend
+
+#### Check Storage / Check Consul TLS
+
+#### Check Storage / Check Consul Direct Storage Access
+
+#### Check Storage / Check Storage Access
+
+#### Check Service Discovery
+
+#### Check Service Discovery / Check Consul Service Discovery TLS
+
+#### Check Service Discovery / Check Consul Direct Service Discovery
+
+#### Create Vault Server Configuration Seals
+
+#### Check Transit Seal TLS
+
+#### Create Core Configuration
+
+#### Create Core Configuration / Initialize Randomness for Core
+
+#### HA Storage
+
+This check and any nested checks will be the same as the `Check Storage` checks.
+The only difference is that the checks here will be run on whatever is specified in the
+`ha_storage` section of the vault configuration, as opposed to the `storage` section.
+
+#### Determine Redirect Address
+
+#### Check Cluster Address
+
+#### Check Core Creation
+
+#### Check For Autoloaded License
+
+#### Start Listeners
+
+#### Start Listeners / Check Listener TLS
+
+#### Start Listeners / Create Listeners
+
+#### Check Autounseal Encryption
+
+#### Check Server Before Runtime
+
From 5454df9f815b23b851c6301f694be9efcc45f563 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Mon, 2 Aug 2021 07:34:27 -0700
Subject: [PATCH 2/7] fix diagnose formatting errors
---
 vault/diagnose/os_common.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vault/diagnose/os_common.go b/vault/diagnose/os_common.go
index 292fd7fe536dc..31794abec5db7 100644
--- a/vault/diagnose/os_common.go
+++ b/vault/diagnose/os_common.go
@@ -31,10 +31,10 @@ partLoop:
 Warn(ctx, fmt.Sprintf("Could not obtain partition usage for %s: %v.", partition.Mountpoint, err))
 } else {
 if usage.UsedPercent > 95 {
- SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" is %d percent full.", usage.UsedPercent))
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" is %f percent full.", usage.UsedPercent))
 Advise(ctx, "It is recommended to have more than five percent of the partition free.")
 } else if usage.Free < 2<<30 {
- SpotWarn(ctx, testName, partition.Mountpoint+" has %d bytes full.")
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", usage.Free))
 Advise(ctx, "It is recommended to have at least 1 GB of space free per partition.")
 } else {
 SpotOk(ctx, testName, partition.Mountpoint+" usage ok.")
From ae0137fbc84c9a175f057bb477c5c25bac058041 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Mon, 2 Aug 2021 07:37:57 -0700
Subject: [PATCH 3/7] fix diagnose formatting errors
---
 .../docs/commands/operator/diagnose.mdx | 144 ------------------
 1 file changed, 144 deletions(-)
 delete mode 100644 website/content/docs/commands/operator/diagnose.mdx
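Review bot: Both rewritten `SpotWarn` calls in the os_common.go hunk build the `fmt.Sprintf` format string by concatenating `partition.Mountpoint` into it (`partition.Mountpoint+" is %f percent full."`), so a mount path that contains a `%` is parsed as a formatting verb and the operator sees a garbled warning instead of the real path and value. Pass the mount point as an argument instead: `fmt.Sprintf("%s is %f percent full.", partition.Mountpoint, usage.UsedPercent)` and `fmt.Sprintf("%s has %d bytes free.", partition.Mountpoint, usage.Free)`. The same concatenated-format pattern is carried through the later os_common.go hunks of patches 4, 5 and 6. The enclosing loop under `partLoop:` starts and ends outside this hunk.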
diff --git a/website/content/docs/commands/operator/diagnose.mdx b/website/content/docs/commands/operator/diagnose.mdx
deleted file mode 100644
index 6ffefbb80c9d1..0000000000000
--- a/website/content/docs/commands/operator/diagnose.mdx
+++ /dev/null
@@ -1,144 +0,0 @@
----
-layout: docs
-page_title: operator diagnose - Command
-description: |-
- The "operator diagnose" command performs a set of checks using a provided
- vault configuration file to report potential issues to the operator when vault
- is in a bad state.
-
----
-
-# operator diagnose
-
-The operator diagnose command should be used primarily when vault is down or
-partially inoperational. The command can be used safely regardless of the state
-vault is in, but may return meaningless results for some of the test cases.
-
-## Usage
-
-The following flags are available in addition to the [standard set of
-flags](/docs/commands) included on all commands.
-
-### Output Options
-
-- `-format` `(string: "table")` - Print the output in the given format. Valid
- formats are "table", "json", or "yaml". This can also be specified via the
- `VAULT_FORMAT` environment variable.
-
-#### Output Layout (default)
-
-The operator diagnose command will output a set of lines in the CLI.
-Each line will begin with a prefix in parenthesis. These are:.
-
-- `[ success ]` - Denotes that the check was successful.
-- `[ warning ]` - Denotes that the check has passed, but that there may be potential
-issues to look into that may relate to the issues vault is experiencing. Diagnose warns
-frequently. These warnings are meant to serve as starting points in the debugging process.
-- `[ failure ]` - Denotes that the check has failed. Failures are critical issues in the eyes
-of the diagnose command.
-
-In addition to these prefixed lines, there may be output lines that are not prefixed, but are
-color-coded purple. These are advice lines from Diagnose, and are meant to offer general guidance
-on how to go about fixing potential warnings or failures that may arise.
-
-### Command Options
-
-- `-config` `(string; "")` - The path to the vault configuration file used by
-the vault server on startup.
-
-### Diagnose Checks
-
-The following section details the various checks that Diagnose runs. Check names in documentation
-will be separated by slashes to denote that they are nested, when applicable. For example, a check
-documented as `A / B` will show up as `B` in the `operator diagnose` output, and will be nested
-(indented) under `A`.
-
-If you encounter an error that is not listed in the `common errors` section of a particular check,
-there is a high likelihood that either the error is thrown by a standard library and is
-documented by a third party, or that the error is thrown by the vault server itself.
-
-To account for the former case, links will be provided where possible in the checks below.
-In the latter case, the vault logs on the server itself will have further insight, as the
-error was caught by the server in addition to the diagnose command.
-
-#### Vault Diagnose
-
-blurb
-
-#### Check Operating System
-
-blurb
-
-common errors
-
-#### Check Open File Limit
-
-blurb
-
-common errors
-
-
-#### Check Disk Usage
-
-blurb
-
-common errors
-
-#### Parse Configuration
-
-blurb
-
-common errors
-
-#### Check Storage
-
-blurb
-
-common errors
-
-#### Check Storage / Create Storage Backend
-
-#### Check Storage / Check Consul TLS
-
-#### Check Storage / Check Consul Direct Storage Access
-
-#### Check Storage / Check Storage Access
-
-#### Check Service Discovery
-
-#### Check Service Discovery / Check Consul Service Discovery TLS
-
-#### Check Service Discovery / Check Consul Direct Service Discovery
-
-#### Create Vault Server Configuration Seals
-
-#### Check Transit Seal TLS
-
-#### Create Core Configuration
-
-#### Create Core Configuration / Initialize Randomness for Core
-
-#### HA Storage
-
-This check and any nested checks will be the same as the `Check Storage` checks.
-The only difference is that the checks here will be run on whatever is specified in the
-`ha_storage` section of the vault configuration, as opposed to the `storage` section.
-
-#### Determine Redirect Address
-
-#### Check Cluster Address
-
-#### Check Core Creation
-
-#### Check For Autoloaded License
-
-#### Start Listeners
-
-#### Start Listeners / Check Listener TLS
-
-#### Start Listeners / Create Listeners
-
-#### Check Autounseal Encryption
-
-#### Check Server Before Runtime
-
From 5a79ead1f17536c36865e98a19a4e84a89f47269 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Mon, 2 Aug 2021 08:23:52 -0700
Subject: [PATCH 4/7] change powers
---
 vault/diagnose/os_common.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/vault/diagnose/os_common.go b/vault/diagnose/os_common.go
index 31794abec5db7..eb60297132ac5 100644
--- a/vault/diagnose/os_common.go
+++ b/vault/diagnose/os_common.go
@@ -31,10 +31,15 @@ partLoop:
 Warn(ctx, fmt.Sprintf("Could not obtain partition usage for %s: %v.", partition.Mountpoint, err))
 } else {
 if usage.UsedPercent > 95 {
- SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" is %f percent full.", usage.UsedPercent))
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" is %.2f percent full.", usage.UsedPercent))
 Advise(ctx, "It is recommended to have more than five percent of the partition free.")
- } else if usage.Free < 2<<30 {
- SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", usage.Free))
+ } else if usage.Free < 1<<30 {
+ if usage.Free > 1<<20 {
+ // convert warning to MB to be more human readable
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", int64(usage.Free/(1<<20))))
+ } else {
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", usage.Free))
+ }
 Advise(ctx, "It is recommended to have at least 1 GB of space free per partition.")
 } else {
 SpotOk(ctx, testName, partition.Mountpoint+" usage ok.")
From 7392d48129d22a7f8d75870a87a1d6f450e9adc9 Mon Sep 17 00:00:00 2001
From: HridoyRoy Date: Mon, 2 Aug 2021 08:28:04 -0700 Subject: [PATCH 5/7] change powers --- vault/diagnose/os_common.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/diagnose/os_common.go b/vault/diagnose/os_common.go index eb60297132ac5..2a32017604e16 100644 --- a/vault/diagnose/os_common.go +++ b/vault/diagnose/os_common.go @@ -36,7 +36,7 @@ partLoop: } else if usage.Free < 1<<30 { if usage.Free > 1<<20 { // convert warning to MB to be more human readable - SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", int64(usage.Free/(1<<20)))) + SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d MB free.", int64(usage.Free/(1<<20)))) } else { SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", usage.Free)) } From 04fa33c4e05023b4aef8d1542cd66cd12ec89957 Mon Sep 17 00:00:00 2001 From: HridoyRoy Date: Mon, 2 Aug 2021 08:44:03 -0700 Subject: [PATCH 6/7] use humanize instead of doing the conversion to mb manually --- go.mod | 1 + vault/diagnose/os_common.go | 8 ++------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index d53d2c7278764..abc6d597fd431 100644 --- a/go.mod +++ b/go.mod @@ -41,6 +41,7 @@ require ( github.com/docker/go-connections v0.4.0 github.com/dsnet/compress v0.0.1 // indirect github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 + github.com/dustin/go-humanize v1.0.0 github.com/elazarl/go-bindata-assetfs v1.0.1-0.20200509193318-234c15e7648f github.com/fatih/color v1.11.0 github.com/fatih/structs v1.1.0 diff --git a/vault/diagnose/os_common.go b/vault/diagnose/os_common.go index 2a32017604e16..fac2789f92be7 100644 --- a/vault/diagnose/os_common.go +++ b/vault/diagnose/os_common.go @@ -7,6 +7,7 @@ import ( "fmt" "strings" + "github.com/dustin/go-humanize" "github.com/shirou/gopsutil/disk" ) 
@@ -34,12 +35,7 @@ partLoop:
 SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" is %.2f percent full.", usage.UsedPercent))
 Advise(ctx, "It is recommended to have more than five percent of the partition free.")
 } else if usage.Free < 1<<30 {
- if usage.Free > 1<<20 {
- // convert warning to MB to be more human readable
- SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d MB free.", int64(usage.Free/(1<<20))))
- } else {
- SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %d bytes free.", usage.Free))
- }
+ SpotWarn(ctx, testName, fmt.Sprintf(partition.Mountpoint+" has %s free.", humanize.Bytes(usage.Free)))
 Advise(ctx, "It is recommended to have at least 1 GB of space free per partition.")
 } else {
 SpotOk(ctx, testName, partition.Mountpoint+" usage ok.")
From cad6d8e3d947c19bebe1e23edb49d591c94ab953 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Mon, 2 Aug 2021 09:30:59 -0700
Subject: [PATCH 7/7] cl
---
 changelog/12229.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/12229.txt
diff --git a/changelog/12229.txt b/changelog/12229.txt
new file mode 100644
index 0000000000000..6503ba5e97c9f
--- /dev/null
+++ b/changelog/12229.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: fix byte printing for diagnose disk checks
+```
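Review bot: The new `SpotWarn` line in the os_common.go hunk formats with `humanize.Bytes`, which uses decimal (SI) units, while the branch condition on the context line above it is `usage.Free < 1<<30`, a binary gibibyte. A partition with about 1.06 billion bytes free (constructed example) still takes this branch and would be reported as roughly "1.1 GB free", directly followed by the advice to keep at least 1 GB free, which reads as a contradiction to the operator. Use `humanize.IBytes(usage.Free)` so the printed unit matches the `1<<30` threshold, or make the threshold decimal and keep `Bytes`. The surrounding `if`/`else` chain starts and ends outside the hunk.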